Google has launched safety updates to repair the primary Chrome zero-day vulnerability exploited within the wild because the starting of the 12 months.
“Google is conscious of studies that an exploit for CVE-2024-0519 exists within the wild,” the corporate mentioned in a safety advisory revealed Tuesday.
The firm fastened the zero-day for customers within the Stable Desktop channel, with patched variations rolling out worldwide to Windows (120.0.6099.224/225), Mac (120.0.6099.234), and Linux (120.0.6099.224) customers lower than every week after being reported to Google.
Although Google says the safety replace might take days or even weeks to succeed in all affected customers, it was accessible instantly when BleepingComputer checked for updates in the present day.
Those preferring to not replace their internet browser manually can depend on Chrome to routinely test for brand new updates and set up them after the following launch.
The high-severity zero-day vulnerability (CVE-2024-0519) is because of a high-severity out-of-bounds reminiscence entry weak spot within the Chrome V8 JavaScript engine, which attackers can exploit to realize entry to information past the reminiscence buffer, offering them entry to delicate data or triggering a crash.
“The anticipated sentinel won’t be positioned within the out-of-bounds reminiscence, inflicting extreme information to be learn, resulting in a segmentation fault or a buffer overflow,” MITER explains. “The product might modify an index or carry out pointer arithmetic that references a reminiscence location that’s exterior of the boundaries of the buffer. A subsequent learn operation then produces undefined or sudden outcomes.”
While Google is aware of of CVE-2024-0519 zero-day exploits utilized in assaults, the corporate has but to share additional particulars relating to these incidents.
“Access to bug particulars and hyperlinks could also be saved restricted till a majority of customers are up to date with a repair,” Google mentioned. “We may even retain restrictions if the bug exists in a 3rd get together library that different tasks equally rely on, however have not but fastened.”
Today, Google additionally patched V8 out-of-bounds write (CVE-2024-0517) and sort confusion (CVE-2024-0518) flaws, permitting for arbitrary code execution on compromised gadgets.
Last 12 months, Google fastened eight Chrome zero-day bugs exploited in assaults tracked as CVE-2023-7024, CVE-2023-6345, CVE-2023-5217, CVE-2023-4863, CVE-2023-3079, CVE-2023- 4762, CVE-2023-2136, and CVE-2023-2033.
Some of them, like CVE-2023-4762, have been tagged as zero-days used to deploy spyware and adware on susceptible gadgets belonging to high-risk customers, together with journalists, opposition politicians, and dissidents, a number of weeks after the corporate launched patches.